Managing an enterprise cybersecurity and information assurance program in any company today is a complex balancing act. It resembles an unending three-dimensional chess match entwining business risk, profit and loss, pitting a company’s very survival against myriad global threat actors. An organization’s cybersecurity stance also involves a combination of technology and solid decision making at an organization’s highest levels.
Security is among the greatest concerns government agencies have about moving their systems to the cloud. Although it offers significant benefits, cloud computing continues to raise questions about data and system protection. Regardless, the Office of Management and Budget via its Cloud Smart Strategy and the previous Cloud First policy mandates government agencies move to the cloud.
The Secure 5G and Beyond Act, the Promoting United States Wireless Leadership Act and the Prague Proposals have topped the headlines in recent months. All three are focused on security.
The bipartisan Cyberspace Solarium Commission today issued a call to action on cybersecurity. The commission issued a report sounding the alarm on the nation’s lack of security in cyberspace.
“The reality is that we are dangerously insecure in cyber. Your entire life—your paycheck, your health care, your electricity—increasingly relies on networks of digital devices that store, process and analyze data. These networks are vulnerable, if not already compromised,” Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wisconsin), co-chairs of the commission, write in a letter introducing the report.
The much-hyped 5G has begun to arrive, but in the United States, the truly transformative elements of these next-generation cellular networks are probably still four or five years off. Although improvements such as 100-times-faster speeds will enable more life-and-death type services, including remote surgery or self-driving cars, they also employ a more compromised hardware supply chain and offer a larger attack surface than current networks, federal officials warn.
“The anxiety from governments and regulators about the security issues [arising from 5G] and possible nation-state interference is at a fever pitch right now,” Robert Mayer, senior vice president for cybersecurity, USTelecom, says.
The United States is woefully underprepared to protect cyberspace against the worst-case scenarios threatening the country, says the former supreme allied commander of NATO. Adm. James Stavridis, USN (Ret.), operating executive for the Carlyle Group, warns that long-term solutions must be paired with near-term actions to prevent a host of cyber threats from crippling the United States militarily and economically.
Technica Corp. of Sterling, Virginia, has been awarded a $13,591,345 cost-plus-fixed-fee modification to exercise the first option period, February 15, 2020, through February 14, 2021. The contract provides weapon system engineering and maintenance services to include incremental software version development and installation, security patch installations, preventative maintenance, troubleshooting and responsive Tier 1, 2 and 3 support for the Cyberspace Vulnerability Assessment/Hunter (CVA/H) weapon system. Work will be performed in Sterling, Virginia, and is expected to be complete by August 14, 2025. The award is the result of a competitive acquisition.
Applying artificial intelligence/machine learning (AI/ML) to cybersecurity is a “hard problem,” but one with significant and promising progress, according to intelligence experts. Achieving this will require a combination of top-down and bottom-up efforts that leverage both government and industry cooperation, as each can benefit from unique capabilities and contributions of the other.
Greater concentration on separate physical security and cybersecurity has led to a major loophole characterized by the insider threat. Combining the two disciplines holds the key to protecting against devastating data breaches.
Cybersecurity protects from the inside-out, but a major loophole enables insider threats.—Robert Bauman, Trusted Systems Inc. #AFCEATechNet
— Bob Ackerman (@rkackerman) November 20, 2019
FreeAlliance.com LLC,* McLean, Virginia, is awarded a $15,299,578 cost-plus-fixed-fee contract for advanced cyber support services in support of the Marine Corps Cyberspace Operations Group. Work will be performed in Quantico, Virginia. This one-year contract includes four one-year option periods which, if exercised, would bring the cumulative value of this contract to an estimated $79,599,761. The period of performance of the base period is November 1, 2019, through October 31, 2020. If all options are exercised, the period of performance would extend through October 31, 2024. Fiscal year 2020 operations and maintenance (Marine Corps) funds in the amount of $1 million will be obligated at time of award. Fiscal 2020 operations and ma
The National Security Agency (NSA) has created a new Cybersecurity Directorate as a recognition that “the best defense against devastating cyber attacks is to unify as a nation against our threats,” the agency has announced.
The Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency, known as CISA, is charged with coordinating the protection of America’s critical infrastructure from cyber as well as physical attacks. Director Christopher Krebs recently released the agency’s top operational priorities. CISA, which was created in November 2018, will initially tackle supply chain risks, election security and industrial control system security, among other measures, according to the document, Cybersecurity and Infrastructure Security Agency: Strategic Intent.
The U.S. Navy is creating a new position emphasizing a cultural and operational change in cybersecurity to deal with increasing online threats that have already plagued the service and its contractors. The new position, special assistant to the secretary of the Navy for information management, will be established and filled in the next couple of weeks with a cyber expert from private industry, says Undersecretary of the Navy Thomas Modly.
RTL Networks Inc.,* Denver, Colorado, is awarded a $14,399,532 cost-plus-fixed-fee, indefinite-delivery/indefinite-quantity contract to provide services in the areas of cooperative cyber risk assessments and cyber table tops of fighter/attack (fixed and rotary wing) and surveillance aircraft or similarly complex aircraft, tactical unmanned aerial vehicles, GPS guided weapons or similarly complex weapons, training simulators, Portable Electronic Maintenance Aids equipment, software and development environments, and associated communications and networks. Work will be performed in China Lake, California (50%); Placentia, California (48%); and Denver (2%), and is expected to be completed in August 2024. No funds will be obligated at the tim
Data Intelligence LLC,* Marlton, New Jersey, is awarded a $12,584,840 indefinite-delivery/indefinite-quantity, cost-plus-fixed-fee contract to provide cybersecurity and security engineering-related services to the Department of Defense, National Guard Bureau and Department of Homeland Security. This two-year contract includes one, three-year option period which, if exercised, would bring the potential value of this contract to an estimated $31,832,280. Work will be performed in Marlton, New Jersey (25%) and in Philadelphia, Pennsylvania (75%), and work is expected to be completed June 18, 2021. If the option is exercised, work will continue through June 18, 2024. No funds will be obligated at the time of award.
Artificial intelligence and machine learning techniques could help information and network defenders recognize patterns of potential attackers so their next moves can be proactively blocked. In addition, cyber tools enhanced with these capabilities could provide a much more detailed picture of the cyber battlefield and increase the potential of success in a cyber campaign. This knowledge would complement the kinetic battlefield and could permit war planners to choose the appropriate mix of cyber and kinetic operations.
Sentar Inc.,* Huntsville, Alabama, was awarded a $10,426,896 hybrid (cost-no-fee and firm-fixed-price) contract for cyber security and information management support services. Twenty-five bids were solicited with six bids received. Work will be performed in Huntsville, Alabama, with an estimated completion date of November 30, 2024. Fiscal year 2019 operations and maintenance, Army and Army working capital funds in the amount of $1,683,982 were obligated at the time of the award. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity (W31P4Q-19-F-0323). *Small Business
Cyber is fundamentally changing the national security landscape. David Sanger, national security correspondent for The New York Times and author of The Perfect Weapon, used his keynote address on day two of the AFCEA-GMU C4I and Cyber Center Symposium not to explain what is happening, but why this is happening.
To illustrate the new age of weaponizing information, Sanger described the differences between Watergate and the hack of the DNC in December 2016. The Russians didn’t have to do anything the Watergate hackers did.
Legislators on Capitol Hill have formed the Cyberspace Solarium Commission, known as the CSC, which will put together a comprehensive U.S. cyber policy. Sen. Angus King (I-Maine), who is co-chairing the new organization with Rep. Michael Gallagher (R-Wisc.), announced the formation of the Geneva Convention-type commission in a call with reporters on May 13. The establishment of the commission was outlined in last year’s National Defense Authorization Act (NDAA), Sen. King said.
The cybersecurity workforce gap is real, and it’s growing. Based on a state-by-state analysis on CompTIA’s cyberstates.org, there are currently 320,000 open cyber jobs in the United States. By 2022, the projected shortage of cybersecurity professionals worldwide will reach 1.8 million, according to the Center for Cyber Safety and Education.